296 matches found
CVE-2025-43983
KuWFi CPF908-CP5 WEB5.0LCD20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goformsetcmdprocess and goform/goformgetcmdprocess. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and password,...
CVE-2025-5344
Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects a...
PT-2025-29691 · Unknown · Zwx-2000Csw2-Hn
Name of the Vulnerable Software and Affected Versions: ZWX-2000CSW2-HN versions prior to 0.3.19 ZWX-2000CS2-HN affected versions not specified Description: A use of hard-coded credentials issue exists. Exploitation of this issue may allow an attacker to tamper with device settings by obtaining th...
CVE-2025-41648 Pilz: Authentication Bypass in IndustrialPI Webstatus
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI...
CVE-2024-41999
Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device's...
CVE-2024-47001
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
CVE-2024-24486
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEPDATA command...
CVE-2023-45844
The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings ADB debug...
CVE-2023-30766
Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...
CVE-2023-0837
An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked. This can result in unwanted changes to the configuration...
CVE-2022-34840
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier,...
CVE-2022-44620
Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
CVE-2022-43464
Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
CVE-2022-44211
In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings...
CVE-2021-20650
Cross-site request forgery CSRF vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started...
CVE-2021-20636
Cross-site request forgery CSRF vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted...
CVE-2025-3659
Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: Digi PortServer TS - prior to and including 82000747AA, build date 06/17/2022 Digi One SP/Digi One SP IA/Digi One IA - prior to and including 82000774Z, build date 10/19/2020...
CVE-2025-30512
Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely e.g., on/off...
CVE-2024-41795
The CVE concerns Siemens SENTRON 7KT PAC1260 Data Manager (All versions) whose web interface is vulnerable to CSRF, enabling an unauthenticated attacker to alter device settings by tricking an admin into a malicious link. Several connected sources corroborate that the vulnerability involves chang...
CVE-2024-41795
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices is vulnerable to Cross-Site Request Forgery CSRF attacks. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device...